Sunday, October 9, 2011

Integrity for sessionStorage

There are many different ways to think about security. I prefer the following approach:

Define a set of threat models that describe the attacker's capabilities. For example, the "man-in-the-middle" is a classic threat model in network security that represents an attacker who has complete control over the network but who has no control over network endpoints.

Identify a set of security properties that we wish our system to achieve. Defining good security properties is a tricky business, and we're mostly going to wave our hands in this blog. If you'd like an example, you should imagine something like "the attacker doesn't learn the contents of the user's email."

Determine whether an attacker with the capabilities described in the threat model could possibly defeat any of the security properties of our system. We usually assume that the attacker knows exactly how our system works (e.g., because attackers can read W3C specifications).

This approach tends to be somewhat conservative in the sense that we underestimate whether our system is secure. That's helpful when thinking defensively because being conservative pushes us to design systems that are secure robustly rather than systems that are secure by some happy accident.

So far, this post has been very abstract, but let's get concrete. Recently, I've been corresponding with a number of Firefox developers about Firefox Bug 495337. There are a number of technical details, but the issue boils down to the three factors above:

Threat model. We're concerned with an active network attacker. (I need to write a "foundations" post introducing the important threat models in web security, but I didn't want to write too many foundations posts in a row.) Essentially, an active network attacker has full control over the network (e.g., they can intercept and spoof HTTP requests and responses), but has very little power over secure network connections (e.g., they can't mess with TLS connections).

Security property. Here's where things get interesting. What are appropriate security properties for sessionStorage (an API for semi-persistently storing data in the browser)? I claim that the data an origin stores in sessionStorage should have confidentiality and integrity (i.e., other origins should not be able to learn or to alter data stored in sessionStorage).

Could possibly defeat. That leaves us with the question of whether an active network attacker could possibly defeat the confidentiality or integrity of data in sessionStorage. I claim that such a thing is possible in Firefox (via a somewhat elaborate sequence of steps) because Firefox's behavior deviates slightly from the specification. Specifically, in some circumstances that an attacker can provoke, Firefox considers only the host portion of the origin, ignoring the scheme and the port. By ignoring the scheme, Firefox lets a network attacker leverage his or her ability to control HTTP to disrupt the integrity of HTTPS data in sessionStorage.
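To make the difference concrete, here is a small model of how storage is partitioned, added as an illustration (it is not code from Firefox or from the original post). It only models the choice of partition key; `StorageModel` and the `bank.example.test` URLs are constructed for the example.

```javascript
// Added illustration: which storage partition a page gets, under two keying rules.
// StorageModel and the example.test URLs are constructed for this example.

// Specified behaviour: the partition key is the full origin (scheme, host, port).
const originKey = (url) => new URL(url).origin;

// Deviation described in the post: only the host portion is considered.
const hostOnlyKey = (url) => new URL(url).hostname;

class StorageModel {
  constructor(keyFn) {
    this.keyFn = keyFn;          // how a page URL maps to a partition
    this.partitions = new Map(); // partition key -> Map(name -> value)
  }
  area(url) {
    const key = this.keyFn(url);
    if (!this.partitions.has(key)) this.partitions.set(key, new Map());
    return this.partitions.get(key);
  }
  setItem(url, name, value) { this.area(url).set(name, String(value)); }
  getItem(url, name) {
    const area = this.area(url);
    return area.has(name) ? area.get(name) : null;
  }
}

// The HTTPS page stores a value; then a page served over plain HTTP from the
// same host (content an active network attacker controls) writes the same name.
// Returns what the HTTPS page reads back afterwards.
function httpsValueAfterHttpWrite(keyFn) {
  const store = new StorageModel(keyFn);
  store.setItem("https://bank.example.test/app", "payee", "alice");
  store.setItem("http://bank.example.test/", "payee", "overwritten-over-http");
  return store.getItem("https://bank.example.test/app", "payee");
}

// The port is part of the origin as well: 8443 must not share storage with 443.
function sharesPartition(keyFn, a, b) {
  return keyFn(a) === keyFn(b);
}

console.log("origin-keyed:", httpsValueAfterHttpWrite(originKey));
console.log("host-keyed:  ", httpsValueAfterHttpWrite(hostOnlyKey));
```

With origin keying the HTTPS page reads back its own value; with host-only keying it reads the value written over HTTP, which is the integrity failure described above.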

Does this represent a "real" security problem? Well, that's a hard question to answer. Certainly this issue makes it harder to understand the security of systems that use sessionStorage. Instead of being able to use clean abstractions like confidentiality, integrity, and origin, we need to understand more details of how exactly an attacker can subtly manipulate sessionStorage.

Ultimately, complexity is the enemy of security. Applied judiciously, threat models and security properties can help you understand the security of your system in simpler terms.


Is there anyone but me concerned about the fact that the auth tokens (i.e. JWT tokens) are stored in JavaScript-accessible storage (localStorage/sessionStorage), making them susceptible to XSS (Cross Site Scripting) attacks?
